Troj/Zbot-DMQ exhibits the following characteristics:
File Information
- Size: 339K
- SHA-1: 797973779d56ab6fcf96273c988104a55108caf9
- MD5: 4ef7e06c38053cb053fce9bbd41b060f
- CRC-32: 7645ef90
- File type: Windows executable
- First seen: 2013-01-09
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Uczau\jasu.exe
  - Size: 339K
  - SHA-1: f18a72c3248605bd8894430425b5fc8ffc805903
  - MD5: e7434586b581f2c7450f770997d78f26
  - CRC-32: ed144568
  - File type: Windows executable
  - First seen: 2013-01-09
- c:\Documents and Settings\test user\Local Settings\Application Data\ahyc.nax
  - Size: 477
  - SHA-1: 167faeca9fc20b52bacc8e7f5c0f9cb1ee99b02f
  - MD5: d49c1aa9b374cb77476b01b87c1ee97e
  - CRC-32: 95af8ba7
  - File type: Unspecified binary - probably data
  - First seen: 2013-01-09
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - {5DA41964-5123-AD7F-97EB-E4E1BB5DC7F3}: "c:\Documents and Settings\test user\Application Data\Uczau\jasu.exe"
- HKCU\Identities
  - Identity Login: 0x00098053
- HKCU\Software\Microsoft\Ugzaf
  - 12gc7c2b
Processes Created
- c:\Documents and Settings\test user\application data\uczau\jasu.exe
- c:\windows\system32\cmd.exe
IP Connections